The present invention discloses a software security verification method, a device, and a system, and relates to the communications field, so as to resolve a problem in the prior art that security verification on a VNF packet increases a VNF instantiation delay and reduces VNF instantiation performance. In a specific solution, after a first device receives an instantiation request of a VNF, the first device performs security verification on a stored VNF packet of the VNF when or after starting to instantiate the VNF according to the instantiation request of the VNF, and the first device sends first result information to a second device when security verification on the VNF packet of the VNF succeeds. The first result information includes information that security verification on the VNF packet of the VNF succeeds. The present invention is applied to software security verification.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A software security verification method, comprising: receiving, by a first device, an instantiation request to instantiate a virtualized network function (VNF); performing, by the first device, security verification on a stored VNF packet of the VNF during an instantiation process of the VNF started by the first device according to the instantiation request of the VNF, wherein the security verification on the stored VNF packet of the VNF comprises authenticating the stored VNF packet of the VNF; sending, by the first device, first result information to a second device when security verification on the VNF packet of the VNF succeeds, wherein: a software image of the stored VNF packet is stored in the second device; and the first result information comprises information indicating that the security verification on the VNF packet of the VNF succeeds; sending, by the first device, first instruction information to the second device, wherein the first instruction information is configured to instruct the second device to perform security verification on the software image of the VNF; and receiving, by the first device, second result information from the second device, wherein the second result information comprises a result of performing security verification on the software image of the VNF by the second device.
2. The method according to claim 1, wherein the method further comprises: when security verification on the VNF packet of the VNF fails, terminating, by the first device, VNF instantiation, or sending, by the first device, first result information to the second device, wherein the first result information comprises information that security verification on the VNF packet of the VNF fails.
3. The method according to claim 1, wherein the VNF packet of the VNF comprises a software image of the VNF; and performing, by the first device, security verification on the stored VNF packet of the VNF comprises: performing, by the first device, security verification on the software image of the VNF.
4. The method according to claim 1, wherein the first device is a network functions virtualization orchestrator (NFVO), and the second device is a virtualized infrastructure manager (VIM).
5. A software security verification method, comprising: determining, by a second device, a security verification result of a virtualized network function (VNF) packet of a VNF, wherein: the security verification result is a result of a security verification on a stored VNF packet of the VNF during an instantiation process of the VNF started by a first device according to an instantiation request of the VNF received by the first device; and a software image of the stored VNF packet of the VNF is stored in the second device; receiving, by the second device, first instruction information sent by a first device, wherein the first instruction information is configured to instruct the second device to perform security verification on the software image of the VNF; performing, by the second device, security verification on the software image of the VNF according to the first instruction information, and determining a security verification result of the software image of the VNF; sending, by the second device, second result information to the first device, wherein the second result information comprises the result of performing security verification on the software image of the VNF by the second device; and connecting, by the second device, a virtual machine (VM) to a network when the security verification on the VNF packet of the VNF succeeds and the software image of the VNF succeeds, wherein the VM is a VM created for the VNF by the second device.
6. The method according to claim 5, wherein the method further comprises: terminating, by the second device, the VNF instantiation process when the security verification on the VNF packet of the VNF fails, wherein the VNF instantiation process comprises connecting the VM to the network.
7. The method according to claim 5, wherein determining, by the second device, the security verification result of the VNF packet of the VNF comprises: receiving, by the second device, first result information from the first device, wherein the first result information comprises the security verification result of the stored VNF packet of the VNF.
8. A first device, comprising a processor, a memory, a bus, and a transmitter, wherein the processor, the memory, and the transmitter are connected to each other by using the bus; the processor is configured to: receive an instantiation request to instantiate a virtualized network function (VNF); during an instantiation process of the VNF started by first device according to the instantiation request of the VNF, perform security verification on a stored VNF packet of the VNF; and the transmitter is configured to: send first result information to a second device when a verification result of the processor indicates that security verification on the VNF packet of the VNF succeeds, wherein: a software image of the stored VNF packet is stored in the second device; and the first result information comprises information that security verification on the VNF packet of the VNF succeeds; send first instruction information to the second device, wherein the first instruction information is configured to instruct the second device to perform security verification on the software image of the VNF; and receive second result information from the second device, wherein the second result information comprises a result of performing security verification on the software image of the VNF by the second device.
9. The device according to claim 8, wherein the processor is further configured to terminate VNF instantiation when security verification on the VNF packet of the VNF fails; or the transmitter is further configured to send first result information to the second device when security verification on the VNF packet of the VNF fails, wherein the first result information comprises information that security verification on the VNF packet of the VNF fails.
10. The device according to claim 8, wherein the VNF packet of the VNF comprises a software image of the VNF; and the processor is further configured to perform security verification on the software image of the VNF.
11. A second device, comprising: a processor, a memory, a bus, wherein the processor and the memory are connected to each other by using the bus; and the processor is configured to: determine a security verification result of a virtualized network function (VNF) packet of a VNF, wherein the security verification result is a result of a security verification on a stored VNF packet of the VNF during an instantiation process of the VNF started by a first device according to an instantiation request of the VNF received by the first device; and connect a virtual machine VM to a network when determining that security verification on the VNF packet of the VNF succeeds, wherein the VM is a VM created for the VNF by the second device; and a transmitter, wherein the transmitter is configured to send second result information to the first device, wherein the second result information comprises the result of performing security verification on the software image of the VNF by the second device.
12. The device according to claim 11, wherein the processor is further configured to terminate VNF instantiation when determining that security verification on the VNF packet of the VNF fails, wherein VNF instantiation comprises connecting the VM to the network.
13. The device according to claim 11, wherein the second device further comprises a receiver, configured to receive first result information from a first device, wherein the first result information comprises the security verification result of the VNF packet of the VNF; and the processor is further configured to determine the security verification result of the VNF packet of the VNF according to the first result information received by the receiver.
14. The device according to claim 11, wherein a software image of the stored VNF packet of the VNF is stored in the second device; the second device further comprises a receiver, configured to receive first instruction information sent by the first device, wherein the first instruction information is configured to instruct the second device to perform security verification on the software image of the VNF; and the processor is further configured to: perform security verification on the software image of the VNF according to the first instruction information received by the receiver; determine a security verification result of the software image of the VNF; and connect the VM to the network when determining that security verification on the VNF packet of the VNF and the software image of the VNF succeeds.
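The flow in claims 1 and 5, sketched as an added Python example that is not part of the patent text: the first device (NFVO) verifies the stored VNF packet while instantiation is already under way, and the second device (VIM) connects the VM to the network only when both the packet and the software image verify. The class and function names, the constructed sample bytes, and the use of a SHA-256 comparison against a trusted reference digest as the verification step are assumptions; the claims do not say how the packet is authenticated.

```python
import hashlib
import hmac
from concurrent.futures import ThreadPoolExecutor

def digest_ok(blob: bytes, trusted_hex: str) -> bool:
    """Assumed verification step: SHA-256 compared with a trusted reference."""
    return hmac.compare_digest(hashlib.sha256(blob).hexdigest(), trusted_hex)

class Vim:
    """Second device: stores the software image and owns the VM's network port."""
    def __init__(self, image: bytes, trusted_image_digest: str):
        self.image = image
        self.trusted_image_digest = trusted_image_digest
        self.vms = {}      # vnf_id -> "created" | "connected" | "terminated"
        self.results = {}  # vnf_id -> {"package": bool, "image": bool}

    def create_vm(self, vnf_id):
        self.vms[vnf_id] = "created"  # VM exists but is not on the network yet

    def first_result(self, vnf_id, ok):
        self.results.setdefault(vnf_id, {})["package"] = ok

    def verify_image(self, vnf_id):
        ok = digest_ok(self.image, self.trusted_image_digest)
        self.results.setdefault(vnf_id, {})["image"] = ok
        return ok  # returned to the first device as second result information

    def connect_vm(self, vnf_id):
        r = self.results.get(vnf_id, {})
        # Fail closed: a missing result is treated the same as a failed one.
        passed = r.get("package") is True and r.get("image") is True
        self.vms[vnf_id] = "connected" if passed else "terminated"
        return self.vms[vnf_id]

def nfvo_instantiate(vnf_id, package, trusted_package_digest, vim):
    """First device: start instantiation and verify the packet concurrently."""
    with ThreadPoolExecutor(max_workers=1) as pool:
        check = pool.submit(digest_ok, package, trusted_package_digest)
        vim.create_vm(vnf_id)  # instantiation proceeds while the check runs
        package_ok = check.result()
    vim.first_result(vnf_id, package_ok)  # first result information
    image_ok = vim.verify_image(vnf_id)   # first instruction information
    return package_ok, image_ok, vim.connect_vm(vnf_id)

# Constructed sample data, not taken from the patent.
PACKAGE = b"constructed VNF packet bytes"
IMAGE = b"constructed software image bytes"
PACKAGE_DIGEST = hashlib.sha256(PACKAGE).hexdigest()
IMAGE_DIGEST = hashlib.sha256(IMAGE).hexdigest()
```

The VM is created before any check completes, so the security property rests entirely on `connect_vm` being the only path to the network and on it failing closed.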
October 27, 2017
August 25, 2020